Channel: Symantec Connect - Blog Entries

The Threat Landscape in 2014 and Beyond: Symantec and Norton Predictions for 2015, Asia Pacific & Japan


Security analysts called 2013 the year of the mega breach, and severe vulnerabilities such as Heartbleed and Shellshock in 2014 showed that the security community can never rest on its laurels.

All indications are that 2015 will bring more of the same, with the struggle between those wishing to create new threats and exploit vulnerabilities and those looking to protect against them likely to intensify. Advancements in the Internet of Things also mean consumers will have increased connectivity across their devices, gadgets and machines – and with this connectivity comes the potential for a whole new range of security risks.

Will the Internet of Things usher in a new wave of security attacks? As countries move towards their smart nation master plans, what role will Big Data play? What’s next in the mobile security space?

Symantec’s APJ security predictions for 2015 take a look at issues that will affect individual consumers, businesses and governments in the region:

  1. Attacks on the Internet of Things (IoT) will focus on smart home automation:  With smart home automation gaining popularity amongst consumers across Asia Pacific and Japan, Symantec anticipates that commoditized “plug and play” consumer devices such as CCTV cameras and remote access controls for alarms, lighting and climate control will be exploited by cybercriminals.

    While embedded and small devices continue to become more prevalent, unfortunately not many of these devices are deployed with internet security in mind. These devices tend to have limited memory and system resources and do not have the computing power of a typical desktop.

    There is a search engine that allows people to search online for Internet-enabled devices, ranging from security cameras to cars, home heating systems and more. Although the search engine does not reveal vulnerabilities, it makes it easier for IoT devices to be found, which cybercriminals can then target and exploit. For instance, recent news reported that Insecam.com, a website believed to be from Russia, is broadcasting feeds from IP cameras all over the world.

    That said, we won’t see any large-scale attacks leveraging IoT, but instead one-off attacks against connected devices such as home routers, Smart TVs and connected car apps, for example, for sensitive and private information.
     

  2. Mobile devices will become even more attractive targets: Mobile devices will continue to be a target for cyber attackers, especially because they store a trove of personal and confidential information and are left switched on all the time, making them the perfect targets for attackers.

    Mobile devices will become even more valuable as mobile carriers and retail stores transition to mobile payments. For example, Apple Pay certainly addresses some of the weaknesses that have facilitated recent attacks on Point-of-Sale (PoS) systems. However, this should not be cause for complacency, since attackers will usually look for other weaknesses once an avenue of attack has been closed off. Should Apple Pay take off as a payment method, attackers are likely to rigorously test the security in place around near-field communication (NFC) payments.
     

  3. Machine learning will be a game changer in the fight against cybercrime: A new generation of business platforms is emerging from the convergence of machine learning and big data, and it will be a game changer in cybersecurity. Machine learning is a form of deep learning that may be considered as the first step in artificial intelligence. There is a critical need to stay “proactive” against threats instead of reacting to them, and machine learning will help security vendors stay one step ahead of cybercriminals. The ability of machine learning to predict cyberattacks will improve detection rates and may just be the key that reverses the trend on cybercrime.
     
  4. Privacy will continue to be sacrificed for mobile apps: We believe that some mobile users will continue to trade their privacy in exchange for mobile apps. While many Internet users are reluctant to share banking and personally identifiable information online, others are willing to share information about their location and mobile device battery life, as well as allow access to photos, contact lists and fitness information, all in exchange for mobile apps.

    In addition, many consumers really don’t know what they are agreeing to when downloading apps.  For example, Norton Research has shown that while Millennials may think they know what they are allowing access to, the reality is they have very little idea of what they are agreeing to when it comes to trading information for apps.   
     

  5. Scammers will continue to run profitable ransomware scams: According to Symantec’s Internet Security Threat Report, ransomware attacks grew by 500 percent and turned vicious in the latter part of 2013. This growth was largely due to the success of Ransomcrypt, commonly known as Cryptolocker. This particularly aggressive form of ransomware made up 55 percent of all ransomware in the month of October alone. This threat is designed to encrypt a user’s files and request a ransom for the files to be unencrypted. Ransomware causes even more damage to businesses, where not only the victims’ files are encrypted but also files on shared or attached network drives. Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks. However, recently ransomware makers have started leveraging online and electronic payment systems such as Bitcoins, Webmoney, Ukash and greendot (MoneyPak) to get around this challenge. Crooks like the relative anonymity and convenience of electronic payments, and these are already readily available, putting businesses and consumers at greater risk of losing data, files or memories.
     
  6. The prominent data leaks of 2014 will keep cybersecurity in the spotlight in 2015: With the interconnected nature of a global internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed. 2015 will see the evolution of the Personal Data Protection Act, especially in the Asia Pacific region, as it makes a real impact in people’s lives, towards ensuring that individuals and organisations have the right mindset with regard to online security and cybercrime prevention.
     
  7. Distributed denial-of-service (DDoS) will continue to rise as a threat: Yet another trend seen in 2014 is the increase in Unix servers being compromised and their high bandwidth being used in DDoS attacks. The motivation of the attacker can vary widely, with hacktivism, profit, and disputes being the main reasons. Considering the ease of conducting large DDoS attacks, Symantec expects that the DDoS growth trend will continue in the future. The likelihood of being targeted by short but intensive DDoS attacks is rising.
     
  8. User behaviour will take centre stage as security moves beyond passwords: With the password system constantly under attack by cybercriminals, security vendors and providers are facing increasing challenges on ways to balance the need for convenience against complexity while providing users with the seamless experience that they demand. Adopting multi-factor authentication techniques such as one-time passwords or iris and fingerprint scanning may provide alternate safeguard methods, but at times they may not be the safest options. The true solution to protecting valuable information lies in users’ behaviour, which is ultimately how we can prevent our personal online assets and identities from being compromised.
     
  9. The Cloud will take us to Infinity and Beyond: In 2015, we expect to see more and more data hosted in the cloud, but as this move occurs, businesses will need to take a closer look at data governance and ensure their data is cleaned before it is hosted in the cloud. Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. For consumers, the cloud in 2015 represents an infinite amount of personal information being hosted remotely, and debate around the right to access, control, and protect private data in the cloud will continue to escalate.
     
  10. The front lines of cybersecurity will be strengthened by closer industry partnerships and collaborations: The fight against cybercrime cannot be won alone, and the security industry, together with telecommunication providers and governments from around the world, is joining forces to win the war on cybercrime. The security industry is one of few in the world that has a ‘nemesis industry’ constantly working against it to bring it down. That’s why winning the war on cybercrime requires a different approach.

    For example, while in 2015, attackers will continue to look for new vulnerabilities so that they can “hack the planet”, open source platforms will continue to address these vulnerabilities through greater industry coordination, collaboration and response. We see this as a positive sign and Symantec believes that open source platforms can only get better in the future. 



Symantec Intelligence Report: October 2014

The monthly intelligence report provides the latest analysis of cyber security threats, trends, and insights from the Symantec intelligence team concerning malware, spam, and other potentially harmful business risks.

Highlights from October 2014 Intelligence Report - Key Findings

  • Of the industries attacked through spear phishing, the category of Finance, Insurance, and Real Estate received 28 percent of all attempts in the month of October.

  • The largest data breach in October had previously been reported; however, we learned this month that the breach resulted in the exposure of identities within 76 million households.

  • OSX.Okaz was the most frequently encountered OSX risk seen on OSX endpoints, making up 28.8 percent of OSX risks.

  • Crypto-style ransomware made up 55 percent of all ransomware seen in the month of October.

 
 

DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime

See how Android.Sandorat, a multi-featured mobile crimeware tool, began life as a legitimate Android app.

Small-scale mobile app software entrepreneurship has been described as the cottage industry of the 21st century. It allows talented software developers to apply their skills to create new and innovative mobile apps, with the hope of becoming the next big thing and, perhaps, even attaining the trappings of wealth associated with success. However, with over 1 million apps available for download on the Google Play Store, for every success story there are countless apps that fail to deliver.

While I was researching a new Android remote administration tool (RAT) known as DroidJack (detected by Symantec as Android.Sandorat), it soon became apparent that its authors had actually started off as Android app developers. In their own words, they were “budding entrepreneurs trying to develop and apply skills that we have gained.” With limited success of their legitimate app on the Google Play Store, they soon turned their skills to creating and selling an Android crimeware tool, known as SandroRAT, on a hacker forum. In August 2014, this same tool was reported in the media to have been used in cybercriminal activity targeting Polish banking users through a phishing email. This tool has since evolved into DroidJack RAT and is now being openly sold on its own website at a cost of US$210 for a lifetime package.

Figure 1. DroidJack website logo

Evolution
On April 26, 2013, the Sandroid RAT was released on the Google Play Store. The authors described the app as being a free tool that lets users control their PC without advertisements.

Figure 2. DroidJack website logo

On December 29, 2013, there was an announcement on a hacker forum of a new project called SandroRAT. The forum poster linked the project back to the Sandroid app available on the Google Play Store, referring to SandroRAT as being a kind of “vice-versa” to the Sandroid app, while also commenting on how it remains hidden on the phone.  

Figure 3. SandroRAT control panel

On June 27, 2014, there was an announcement from the same poster on the same hacker forum of a next-generation Android RAT, known as DroidJack.

Figure 4. DroidJack control panel

Capabilities
DroidJack has similar features to other Android RATs, such as AndroRAT and Dendroid. Some of the more than 50 features on offer include the following:

  • No root access required
  • Bind the DroidJack server APK with any other game or app
  • Install any APK and update server
  • Copy files from device to computer
  • View all messages on the device
  • Listen to call conversations made on the device
  • List all the contacts on the device
  • Listen live or record audio from the device's microphone
  • Gain control of the camera on the device
  • Get IMEI number, Wi-Fi MAC address, and cellphone carrier details
  • Get the device’s last GPS location check in and show it in Google Maps

Figure 5.  Screenshot from DroidJack marketing video, which shows GPS pinpointer location feature using Google Maps

Legality
Law enforcement is getting more aggressive in its stance against the creation and use of RATs. In May 2014, the FBI, Europol, and several other law enforcement agencies arrested dozens of individuals suspected of cybercriminal activity centered on Blackshades (detected as W32.Shadesrat), a RAT for personal computers that was sold on a dedicated website. Moreover, the recent arrest and indictment of a man in Los Angeles for allegedly conspiring to advertise and sell StealthGenie (Android.Stealthgenie), a mobile application similar to DroidJack, shows that law enforcement is continuing its campaign against any technology designed to invade an individual’s privacy.

In an attempt to distance themselves from any responsibility for illegal activity, the authors of DroidJack have included a disclaimer in their marketing material.  Similar disclaimers have been used in the past by other malware authors, such as the Mariposa botnet author, who unsuccessfully claimed on his website that the software was only for educational purposes. Whether the authors of DroidJack truly believe that this disclaimer absolves them of any responsibility is irrelevant, as naivete is not a defense in law.

Figure 6. Disclaimer used in DroidJack marketing

Attribution
If the author or authors of DroidJack meant to cover up their tracks, they have not done a good job.  Some simple investigations lead back to the names and telephone numbers of several individuals initially involved in the creation of Sandroid, supposedly based out of Chennai in India. However, whether all of the initial developers are still involved in the creation of DroidJack is not clear. Their marketing video for DroidJack also clearly shows the GPS pinpointer locator function homing in on a location in India. If the authors of DroidJack are truly based out of India, cyber law in India indicates that the creation of such software would be seen as an offense.

Protection summary
Symantec offers the following protection against DroidJack.

Antivirus

How to check the installed versions of Microsoft .NET Framework


The simplest way to check which versions of Microsoft .NET are installed on a computer is to open Control Panel - Installed Programs, where all installed applications are listed.
This method only gives a simple view of what is installed, without any other information such as versions that are missing or need updating. If you want a more complete view, some tools are available, such as the program .NET Version Detector.

This program, distributed under a freeware license, is provided as a portable program that can be stored on a USB drive, and it performs a complete check of the Microsoft .NET versions installed on the computer.

After the tool is run, it shows the full list of all versions and gives indications about any versions that are missing, need updating, and so on.
Each version has icons that open the folder where that version is installed or, where an update is required, a link for downloading the updated version.


Link: .NET Version Detector

How Free Is That Free App?

There are a huge number of free mobile apps on the market today, but they often come with “hidden charges”, and some are looking for something in return.


This past October was National Cyber Security Awareness Month in the United States. There are a huge number of free mobile apps on the market today, but they often come with “hidden charges”, and some are looking for something in return.

Mobile apps have transformed the way we interact with our smartphones and tablets. Whether you are looking for a quick way to access your bank accounts, a tool to boost your productivity while on the move, or a game to pass the time while you wait for a bus, you will find an app for each of these situations. At the same time, bear in mind that everything you do on your phone is also stored on it. As smartphones turn into a bank of personal data, privacy is undoubtedly a growing concern. However, privacy breaches do not always come from mobile malware or phishing attempts.

With hundreds of thousands of free apps on Google Play, for example, there is usually a wide range of options to choose from in each app category. The fact that many of them can be downloaded in a matter of seconds means you are only moments away from installing a tool that could bring new functionality to your mobile device. However, the simplicity and instant gratification of the download process can also become your worst enemy. You may hear about a great free app that is all the rage among your friends and rush to download it to join the group. But have you ever stopped to think about what really makes that free app free?

The hidden “charges” in free-to-use mobile apps

Almost 50% of free apps use in-app advertising, according to August 2014 data from Symantec's Security Technology and Response (STAR) team. Some apps have ad libraries built into the app. During the installation process, users may not realize that other applications may be included with the app they are downloading. The permissions you grant to the main app are also granted to the other included applications: in this case, to the ad library built into the app. With these permissions, the ad library can gain access to location services, your address book, your text messages, your emails and much more. These libraries can then use these services to track your usage habits intensively in order to tailor ads to your interests. These ads can produce very intrusive and annoying behaviors that will affect your mobile experience, such as ads appearing in the notification bar or icons appearing on the home screen, which can link directly to the ads. Essentially, this information and the appearance of ads on your device are the hidden “charges” that you would “pay” to use the app. Besides invading your privacy, these secondary applications can also place an excessive load on your phone's hardware, such as the processor and battery life.

A little extra caution can go a long way toward staying protected:

  • When installing an app, look closely at which services the app requests access to. Why would a weather app want access to your address book? Also, keep in mind that there is nothing wrong with denying the app permission if the request does not seem relevant to the app's functions.
  • Nobody wants to do it, but when you download an app, read the privacy policy before installing it. The privacy policy should give you a complete picture of the information the app tries to access on your phone and what it will try to do with that information. If that information is not clearly stated in the privacy policy, do not download the app, since you will not know exactly what will happen to your information. Once you accept the user agreement, you legally grant the app developer permission to collect personal information and do whatever they wish with it, which sometimes involves selling data to third parties. To make an informed decision about how much private information you are willing to reveal, read the apps' user agreements and privacy policies.

Con Mallon, Director General of Consumer Mobile Product Management at Symantec, points out below, in his top three app security tips, that there are a number of telltale signs in Google Play designed to offer transparency about an app's credentials.

Top three tips for app security

  • Take the time to read the app store reviews: an app's rating can tell you something.
  • Pay attention to the app's publication date. How do you feel about using a new app or one that only some people use so far? How does that fit with your risk tolerance?
  • Do not press the install button too quickly. For Android apps, you will be presented with a list of “permissions” that the app developer is requesting for the app. If many permissions are requested, stop for a moment and think: do you believe the app really needs all of those permissions?

So, although using a free app costs you no money, the app wants something in return: access to your personal information. App developers tend to make money from advertising services, which creates the illusion that the app is free for the user. What you should think about when you install an app is how much of your private information you are willing to trade in exchange for the app in question.

If you want to be able to identify risky apps with certainty and stay in control of your privacy, consider subscribing to a security service that includes app scanning technology that analyzes and reports on app behaviors, such as Norton Mobile Security, or Norton Security if you want to protect your PCs and Macs as well as your mobile devices.

Symantec Employees Share their Career Journeys with the Boys & Girls Clubs of America


Science, technology, engineering and math (STEM) education is a key philanthropic focus area for Symantec. Despite the career opportunities and job growth in STEM fields, there is a shortage of interest among young people, particularly among women and minorities. Among the students who took the 2013 ACT exams, only 23% of high school seniors expressed interest in pursuing STEM college majors and careers. Symantec has promised an investment of $20 million by 2020 to support STEM education. The partnership with the Boys & Girls Clubs of America is a strategic and vital step in promoting STEM education among youth.

One part of promoting STEM careers among young people is to introduce them to occupations in STEM, what they entail and the steps one can take to pursue such a career. Four Symantec employees share their career paths in short videos on the Boys & Girls Clubs of America website, myclubmylife.com, from the courses they took in high school and college to the varying jobs they had prior to joining Symantec. Each has a dedicated page and brief video as part of the “STEM 101: Careers” article series. They share encouraging advice and knowledge of their respective journeys, with a common thread of pursuing one’s passion and taking the necessary steps to enhance learning and growth in science, technology, engineering, and math. Each of their pages and videos can be accessed below.

 


Follow your passion. Do what you love and love what you do. Read. Be interested, and interesting. Take as many systems and systems integration classes as you can, take computer programming and design, and as many technical classes as you can. ~ Kim Byelick, Senior Principal Program Manager at Symantec

Watch Kim’s video here. http://www.myclubmylife.com/Arts_Tech/Pages/stem-careers-science.aspx

 


Choose a career you love, and I promise you, you will never work a day in your life, so read and absorb all you can. Ask questions often and continue to follow your dreams. As the great Nelson Mandela said, ‘It only seems impossible, until it is done.’ ~ Adriana Babino, Security Solutions Architect at Symantec

Watch Adriana’s video here. http://www.myclubmylife.com/Arts_Tech/Pages/stem-careers-technology.aspx

 


What I would encourage is, now middle schools and many high schools are offering classes in [STEM]. They are typically titled ‘Intro to Programming,’ ‘Intro to Engineering,’ ‘Web design,’ ‘App design.’ Go explore those. Don't be intimidated; there will always be someone who already knows it, but it doesn't matter, you are there to learn, so go try them out. ~ Nehal Mehta, Director, Technology Alliances at Symantec

Watch Nehal’s video here. http://www.myclubmylife.com/Arts_Tech/Pages/stem-careers-engineering.aspx

 


The key to my success is that I have always loved what I am doing. My education was fun and exciting, not always easy, but having the opportunity to do something that I love every day is amazing. To me, this is key to happiness in life. Find what ignites your passion, and pursue it with everything you have. I wake up every day looking forward to the new challenges that day will bring. ~ Rob Lindenbusch, Principal Product Specialist at Symantec

Watch Rob’s video here. http://www.myclubmylife.com/Arts_Tech/Pages/stem-careers-mathematics.aspx

Are Free Apps Really Free?

There are millions of free mobile apps on the market, but most of them carry a "hidden price" that is not disclosed. Some free apps are looking for something in return.


Outubro foi o mês de Conscientização Nacional da Segurança Cibernética (National Cyber Security Awareness). Existem milhões de apps gratuitos para dispositivos móveis no mercado, mas a maioria deles inclui um "preço oculto" que não é divulgado. Alguns apps gratuitos procuram algo em troca.

Os apps para dispositivos móveis transformaram a forma como interagimos com nossos smartphones e tablets. Se você estiver procurando uma forma rápida de acessar suas contas bancárias, uma ferramenta para torná-lo mais produtivo enquanto estiver em trânsito ou um jogo para se distrair no ponto de ônibus, haverá um app para cada uma dessas situações. Lembre-se, porém, de que tudo o que você fizer no seu telefone ficará armazenado nele. Com os smartphones se tornando um banco dos nossos dados pessoais, a preocupação com a privacidade certamente aumenta. No entanto, violações de dados nem sempre são provenientes de malware em dispositivos móveis ou tentativas de phishing.

Com centenas de milhares de apps gratuitos no Google Play, por exemplo, existem sempre várias opções de escolha em cada categoria de apps. Como o download de muitos deles pode ser feito em poucos segundos, em apenas alguns minutos você pode instalar uma ferramenta que pode trazer uma funcionalidade nova e inovadora para seu dispositivo móvel. Mas essa simplicidade e gratificação instantânea do processo de download podem também se transformar em seus piores inimigos. Seus amigos podem estar animadíssimos com um novo app gratuito, e você corre para fazer o download dele e ficar a par da novidade. Entretanto, você já parou para pensar o que torna esse app uma ferramenta gratuita?

O "preço" oculto dos aplicativos gratuitos para dispositivos móveis

Quase 50% dos apps gratuitos utilizam publicidade incorporada, de acordo com os dados do Symantec Threat And Response (STAR) de agosto de 2014. Alguns contam com bibliotecas de anúncios incorporadas ao app. Durante o processo de instalação, os usuários podem não perceber que outros aplicativos podem estar incluídos no app que está sendo baixado. As permissões que você concede ao aplicativo pai são também concedidas aos outros apps integrados; nesse caso, a biblioteca de anúncios incorporada ao app. Essas permissões permitem que a biblioteca de anúncios tenha acesso potencialmente aos serviços de localização, a seu catálogo de endereços, mensagens de texto, e-mails e mais. Essas bibliotecas podem então usar esses serviços para rastrear agressivamente seus hábitos de uso a fim de personalizar os anúncios de acordo com os seus interesses. Esses anúncios podem causar comportamentos bastante intrusivos e irritantes, como a inclusão de anúncios na sua barra de notificações ou de ícones na sua tela inicial, que podem ser vinculados diretamente aos anúncios. Essencialmente, essas informações e a inclusão de anúncios nos seus dispositivos são o "preço" oculto que você "paga" para usar o aplicativo. Além da invasão de privacidade, esses apps secundários são também um grande peso no hardware do seu telefone, como o processador e a duração da bateria.

Um pouco mais de cuidado pode trazer grandes resultados para a manutenção da sua proteção:

  • Ao instalar um app, examine cuidadosamente os serviços aos quais o aplicativo solicita acesso. Por que um app de previsão de tempo deseja acessar o seu catálogo de endereços? Saiba que não há nada de errado em negar permissão ao app se a solicitação não for relevante às funções às quais ele se presta.
  • Ninguém tem paciência para isso, mas ao fazer o download de um app, leia a política de privacidade dele antes de prosseguir com a instalação. A política de privacidade deve fornecer uma boa indicação de quais informações o app pretende acessar no seu telefone e o que pretende fazer com elas. Se essas informações não estiverem claras na política de privacidade, não faça o download do app, pois do contrário você ficará no escuro em relação ao que acontecerá exatamente com suas informações. Ao concordar com o Contrato do Usuário, você concede legalmente ao desenvolvedor do aplicativo permissão para ele coletar informações pessoais e fazer o que desejar com elas, o que às vezes envolve a venda desses dados para terceiros. A leitura dos Contratos de Usuários e Políticas de privacidade de um app permitirá que você tome uma decisão informada sobre o quanto da sua privacidade você está disposto a fornecer.

Con Mallon, Senior Director of Consumer Mobile Product Management at Symantec, offers three key tips for app safety and points out that Google Play has several telltale signs intended to promote transparency about an app's credentials.

Three key tips for app safety

  • Read the app's reviews in the App Store. An app's rating can provide relevant information.
  • Check when the app was published. How do you feel about using an app that has only just been released or is used by few people? How does that fit with your tolerance for risk?
  • Don't click the "Install" button in a hurry. For Android applications, you will see a list of "permissions" that the app's developer is requesting for the app. If many permissions are being requested, stop and think for a moment: does this application really need all of that?

So, although a free app asks for no payment, it wants something in return: access to your personal information. App developers tend to make their money through advertising services, which creates the illusion that the app is being offered to users for free. What you should think about when installing an app is how much of your privacy you are willing to give away in exchange for using it.

If you want to take the guesswork out of identifying risks in apps and stay in control of your privacy, consider subscribing to a security service with app-scanning technology that analyzes and reports on app behavior, such as Norton Mobile Security, or Norton Security if you also want to protect your PCs and Macs as well as your mobile devices.

Who's Watching You Sleep?

The Gaping Hole in the Internet of Things

 

Thanks to George Orwell’s classic book 1984, I graduated high school thinking I would eventually live in a world monitored and suppressed by world governments. In the wake of the PRISM scandal in 2013, I started to get the feeling that Orwell’s dystopian novel was looking like an ill-timed prophecy. In light of comedian Pete Holmes’ rant on how Privacy is Uncool, it is little brother (us) leaking our secrets; no one has to steal them from us. If you thought unmanaged social media privacy settings were bad, how much would you cringe if you knew you were letting people watch you sleep? Welcome to the perils of the Internet of Things (IoT).

Up until very recently, a number of security camera manufacturers were shipping internet-connected cameras (AKA IP cameras) with default passwords. Many of these passwords were never changed by the purchaser after setup. It was only a matter of time before someone set up a website displaying many of these feeds (up to 73K at its peak).

Let me introduce Insecam, the website dedicated to not only showing you the unrestricted feeds of home and commercial security cameras but also where they are located, along with all of the admin and password information. In addition to this, they have social plugins that let you share your favorite feeds with your community. Ultimately taken from the pages of the improving-through-shaming security book, this site claims to seek the end of default passwords yet places advertisements conveniently next to navigation icons.

On my review of the site, I saw mundane shots of doors and walkways and more mild scenes of people working the front counters of gas stations and dry-cleaners. With a chill down my spine I saw a bartender drinking the profits and an overhead shot of a girl scrolling through a fashion site. What startled me was the sheer number of cameras in bedrooms, a no-no in my world. Granted, a majority of these were aimed at cribs, but the alarming part was the number of unsecured cameras pointed at hospital patients, adult beds, living rooms, and private hot tubs. Sadly, various online forum contributors claim to have found dead bodies and adults in very private or intimate situations. Situations like this define the need for better security in the Internet of Things landscape.

No matter what colored bucket of hacker you place Insecam’s creator into, they have exposed a gaping hole in the IoT landscape. In 2011 there were over 9 billion devices connected to the internet, and by the year 2020 it is expected that number will be close to 24 billion. This is a cause for concern for manufacturers and companies like Symantec and a potential bonanza for hackers. As more and more things come online, we are discovering new vulnerabilities and how some security practices are becoming out of date. There are obstacles with current security practices but there are ways to overcome them.

Better Password Management

I’m not a fan of passwords. Since we have to live with them, we have to learn how to use them. I wrote a fun mocku-blog on password best practices for you to loathe and share. Passwords are a very weak form of security and Insecam proved that. Two-factor authentication can be used to install and access IP camera feeds via a computer or mobile device. If you have the time, take a peek at this white paper from Symantec on digital certificates used for authentication.

When it is all said and done, Insecam victims used default ports and passwords and were most likely discovered by an IP address surfing tool. A simple change of the password would eliminate them from the site, but it could still be guessed by a serious stalker. Keep in mind that passwords are the number one thing sought after by hackers since we often use the same ones on multiple sites. Here is how they do it.

Encryption; an IoT solution

As a best PKI practice, all data SHOULD be encrypted in transit and at rest between a Host and Client. If the device manufacturers enabled encryption of the data, only the end user could review the video stream with client authentication. This would slow the feed a bit but it would secure the connection. If marketers want to instill trust in their internet-connected devices, they need to consider implementing a security promise with their messaging. So how can they encrypt a live feed?

My engineering buddy and counterpart Frank Agurto-Machado recommends embedding a private SSL ROOT CA within each device. The connection between the manufacturer’s infrastructure and the camera would be secured and encrypted via client authentication to this private SSL root. Ultimately, this may increase the cost of a device but it would help better ensure security. While this DOES NOT remedy the Password hijacking, it secures the model from point-to-point between the “client” and the host. Symantec offers Private CAs to enterprises that need customized encryption for server to server communication or for applications such as this.
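The private-root setup described above, sketched with Python's standard ssl module as an added example (it is not code from the original post or from Symantec): an encrypt-only configuration next to one where the camera and the manufacturer endpoint authenticate each other against a single private root. The function names, the audit checks and the certificate and key arguments are assumptions made for illustration.

```python
import ssl

TLS12 = ssl.TLSVersion.TLSv1_2


def encrypt_only_server_context():
    """Before: the feed endpoint encrypts traffic but lets any client connect."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE  # never asks the peer for a certificate
    return ctx


def encrypt_only_camera_context():
    """Before: the camera encrypts but accepts whatever server answers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def _load(ctx, private_root_pem, cert_file, key_file):
    """Load the private root as trust anchor and, if given, our own identity."""
    if private_root_pem:
        # PEM text of the manufacturer's private root (caller-supplied).
        ctx.load_verify_locations(cadata=private_root_pem)
    if cert_file:
        # Certificate and key issued under that root (hypothetical paths).
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def mutual_tls_server_context(private_root_pem=None, cert_file=None, key_file=None):
    """After: manufacturer endpoint that only talks to cameras presenting a
    certificate that chains to the private root."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = TLS12
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    return _load(ctx, private_root_pem, cert_file, key_file)


def camera_context(private_root_pem=None, cert_file=None, key_file=None):
    """After: camera side. PROTOCOL_TLS_CLIENT already requires a server
    certificate and checks the host name; public CAs are never loaded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = TLS12
    return _load(ctx, private_root_pem, cert_file, key_file)


def audit(ctx, is_server):
    """Return the reasons a context falls short of the private-root model."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not is_server and not ctx.check_hostname:
        findings.append("server name not checked")
    if ctx.minimum_version < TLS12:
        findings.append("TLS below 1.2 allowed")
    # Counts CA certificates held in memory; more than one means the context
    # trusts something besides the single private root.
    if ctx.cert_store_stats()["x509_ca"] > 1:
        findings.append("more than one trust anchor loaded")
    return findings


if __name__ == "__main__":
    for name, ctx, is_server in [
        ("encrypt-only server", encrypt_only_server_context(), True),
        ("encrypt-only camera", encrypt_only_camera_context(), False),
        ("mutual-TLS server", mutual_tls_server_context(), True),
        ("private-root camera", camera_context(), False),
    ]:
        print(name, "->", audit(ctx, is_server) or "ok")
```

In a deployment each side passes the private root's PEM and its own certificate and key; the contexts above are built without them so the settings can be inspected offline.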

The Security Trade-Off

Throughout the course of world history, humans have always had to juggle between access and fortification when it comes to security. Our ancestors had to find a way to secure a food hoard that would not take hours to hide or cover. Castles had to ensure soldiers and citizens could pass freely yet survive a siege. Anti-virus software on your PC has to allow you to quickly surf the internet but check and possibly restrict all incoming traffic. Manufacturers within the IoT space have to learn how to balance these two and improve customer messaging to assist them in setting up trustworthy and secure devices.

Edit: Since the writing of this blog, Insecam has been shut down. From appearances, it seems to have been taken down by a third-party hacker.


DS 7.5 - Info on how to create PECTAgent.dmp files in automation

Gathering file dumps in automation environment (WinPE 4.0)

Collecting PECTAgent .dmp files in the automation (WinPE 4.0) environment:

1 - procexp.exe (Process Explorer) can be used to create PECTAgent dumps in automation. Find it here and extract it:

<SMPdrive>\Tools\Sysinternals\Processes_And_Threads\ProcessExplorerNt.zip

2 - Create a shared folder on the SMP with full permission for "local Admin" or "authenticated users".

3 - In automation, map the share from the command prompt, for example:

X:\>net use q: \\<yourSMPname>\shared

4 - Run "procexp.exe" from the network location (q: in our example).

5 - Right-click PECTAgent.exe.

6 - Click Create Dump and specify the type, Mini or Full.

7 - Specify the path where the dump file will be created (use the share to store the .dmp file, as it is quite large).

8 - Find the .dmp file on the share.

NOTE:

If you found the above information useful, please give this article a thumbs-up (top right of the post) or add a comment below. Your feedback will help our tech community – Thank you, Mauro

Regin: Top-tier espionage tool enables stealthy surveillance

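An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.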

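This advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of targets around the world since at least 2008. Regin is a back door-type Trojan, a complex piece of malware whose structure displays a degree of technical competence rarely seen. Because its capabilities can be customized in many ways depending on the target, it gives its controllers a powerful framework for mass surveillance, and it has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

It is likely that its development took years, or at the very least months, and its authors appear to have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind it indicate that Regin is one of the main cyberespionage tools used by a nation state.

As described in the Backdoor.Regin white paper, it is a multi-staged threat, and every stage except the first is hidden and encrypted. Executing the first stage starts a chain in which each subsequent stage, five in total, is decrypted and loaded in turn. Each individual stage reveals very little about the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Figure 1. Regin's five stages

Regin also uses a modular approach, allowing it to load custom features tailored to the target. This approach has been seen in other sophisticated malware families such as Flamer and Weevil (The Mask). Its multi-stage loading architecture is similar to that used by Duqu/Stuxnet.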

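Timeline and target profile
Regin infections were observed in a variety of organizations between 2008 and 2011, after which activity abruptly ceased. A new version of the malware resumed activity in 2013. Targets include private companies, government entities, and research institutes. Almost half of all infections targeted private individuals and small businesses. Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure.

Figure 2. Confirmed Regin infections by sector

Infections are also geographically diverse, having been identified mainly in 10 countries.

Figure 3. Confirmed Regin infections by country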

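Infection vector and payloads
The infection vector varies among targets, and no reproducible vector had been found at the time of writing. Some targets are believed to have been tricked into visiting spoofed versions of well-known websites, after which the threat was installed through a web browser or by exploiting an application. On one computer, log files showed that Regin had come in through Yahoo! Instant Messenger by way of an unconfirmed exploit.

Because Regin uses a modular approach, attackers can load custom features tailored to individual targets when required. Some custom payloads are very advanced and show a high degree of expertise in specialist sectors, further evidence of the level of resources available to Regin's authors.

There are dozens of Regin payloads, and the threat comes with a range of remote access Trojan (RAT) features as standard. These include capturing screenshots, taking control of the mouse's point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.

More specialized and advanced payload modules have also been found, such as one that monitors Microsoft IIS web server traffic and one that sniffs the administration traffic of mobile telephone base station controllers.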

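Stealth
Regin's developers put considerable effort into making the threat inconspicuous. Its low-key nature means it can be used in persistent espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to determine what it is doing; in this case too, the payloads could be analyzed only after sample files had been decrypted.

Its "stealth" features include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and an alternative encryption scheme in the form of a variant of RC5, which is not commonly used. Regin also uses multiple sophisticated means to communicate covertly with the attacker, including ICMP pings, commands embedded in HTTP cookies, and custom TCP and UDP protocols.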

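Conclusions
Regin is a highly complex threat that has been used in systematic data collection and intelligence gathering campaigns. Its development and operation would have required a significant investment of time and resources, which suggests that a nation state is behind it. Its design makes it very well suited to persistent, long-term surveillance operations against targets.

The discovery of Regin makes clear that substantial investments continue to be made in developing tools for intelligence gathering. Many components of Regin remain undiscovered, and additional functionality and other versions may exist. Symantec will continue its analysis and will provide information as soon as there are new discoveries.

Further information
For indicators of compromise and more detailed technical information, see the white paper "Regin: Top-tier espionage tool enables stealthy surveillance".

Protection
Symantec and Norton products detect this threat as Backdoor.Regin.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.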

How to find what filters a computer is a member of

There are three ways to find this information:

1) From the SMP Console you can simply add the machine's resource GUID value at the end of the link below:
 
 
2) From the Console, go to Manage > Computers, search for the computer name, then right-click it, select
Resource Manager for that particular system, and go to Summaries > Filter Summary.
 
 
3) From SQL Server Management Studio
you can look at the CollectionMembership table and join it with the item and/or vcomputer tables, for example with the following query:
SELECT v.Name AS 'Computer Name', i.Name AS 'Filter Name', p.Name AS 'Solution', i.CreatedDate AS 'CreatedDate', i.ModifiedDate AS 'ModifiedDate'
FROM vcomputer v INNER JOIN CollectionMembership c
ON v.Guid = c.ResourceGuid
INNER JOIN vItem i
ON i.Guid = c.CollectionGuid
INNER JOIN vNonResourceItem n
ON c.CollectionGuid = n.Guid
INNER JOIN vProduct p
ON p.Guid = n.ProductGuid
WHERE v.Name like '<type Computer name here>'

IIS Web Sites after EV10 to EV9 Roll Back

A very specific issue but sharing in case it ever helps someone out.

Following on from my forum query https://www-secure.symantec.com/connect/forums/ev9-iis-sites

I was testing an EV9 to EV10 upgrade and roll back. Everything went OK apart from the web sites (no search or archiveexplorer). After some investigation I realised I did not have the EnterpriseVault virtual directory. Lots of re-installs of EV9, uninstall/reinstalls of EV9, removal of IIS etc., all without success.

JesusWept3 passed across the below helpful tip:

Cd to your EV directory and type
cscript webapp.vbs

Looked very promising but kept throwing a "Failed to create Virtual Directory" error. Going through the VBS and realising where it was failing, I manually created the IIS virtual directory in IIS Manager and re-ran the VBS. Much more promising, and the script created the Directory and AppPool.

Still no Search.asp or ArchiveExplorerui.asp access, "Archive Explorer generates error: XML returned for tree view is not as expected (500)" and "The service is not available" errors as in http://www.symantec.com/docs/TECH74846. I followed all of the troubleshooting without success.

I then started comparing the settings against working sites. Noticed that "Enable 32-Bit Applications" was set to "False". I changed it to "True", restarted IIS and everything now works.

Not sure how this happened as my EV9, EV10 and EV11 servers all have this value set to "True".

Thanks to JesusWept3 and AndrewB for the help.

Discounts on cool tools, training & services from a Symantec Partner

Hello all,

 

Now I know that some of you may class this as spam; however, as Raynet GmbH is a Symantec Partner, I believe that this is a worthy blog post. 

 

Starting on Monday 1st December 2014, Raynet GmbH will be offering discounts on our products, services & training classes in the form of an advent calendar. 

 

Please visit our web site for further details on this great opportunity:-  https://raynet.de/Events/advent_calendar

 

Feel free to mention my name when you register for one or more of the upcoming offers. 

The four most important online security events of 2014

From major vulnerabilities to cyberespionage, a look back at this year's events and what they mean for the future.

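2014 saw a wide range of security incidents, from large-scale data breaches to vulnerabilities in the very foundation of the web, and it is hard to judge which of them matter most. Some events are merely interesting, while others point to larger trends in online security. Some threats are relics of the past, while others point to the future.

Here we look back at four of the most important events in online security over the past year, the lessons learned (or that should have been learned) from them, and what can be expected next year.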

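The discovery of the Heartbleed and ShellShock (Bash Bug) vulnerabilities
This spring, the Heartbleed vulnerability was discovered. Heartbleed is a serious vulnerability in OpenSSL, the most widely used implementation of the SSL and TLS protocols, which is used by many well-known websites. By exploiting Heartbleed, attackers may be able to steal sensitive information such as login credentials, personal data, and even decryption keys, and so decrypt secure communications.

Then, in early autumn, a vulnerability was found in Bash (a common component known as a shell), which is included in many versions of Linux and Unix, as well as the Unix-based Mac OS X.

Known as ShellShock or the Bash Bug, this vulnerability could allow an attacker not only to steal data from a compromised computer but also to take control of it and potentially gain access to other computers on the network.

Heartbleed and ShellShock turned attention to the security of open source software and made clear how it underpins a very large number of the systems used in e-commerce. When a vulnerability is found in a vendor's proprietary software, only a patch from that one vendor is needed. Open source software, however, may be integrated into an enormous number of applications and systems, so administrators need patches from many different vendors. With ShellShock and Heartbleed, there was a great deal of confusion about the availability and effectiveness of patches. We hope this prompts recognition of the need for a coordinated response to open source vulnerabilities, similar to the MAPP program.

New threats like these will continue to be found in open source programs. While they may give attackers new targets, the greatest risk still comes from known vulnerabilities for which the appropriate patches have not been applied. According to this year's Internet Security Threat Report, 77 percent of legitimate websites had exploitable vulnerabilities left unaddressed. So in 2015, attackers will exploit Heartbleed and ShellShock, and they will also go on successfully exploiting the many vulnerabilities that remain unpatched.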

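Coordinated cyberespionage and the potential for cybersabotage: Dragonfly and Turla
The Dragonfly group, whose activity has been observed since at least 2011, initially targeted aviation and defense companies in the US and Canada before shifting its focus mainly to energy firms in early 2013. Capable of attacking through multiple vectors, the group carried out an ambitious campaign in which it infected the software of several industrial control system (ICS) equipment manufacturers with a remote access Trojan. This gave the attackers access to the systems on which the software was installed and a foothold for entering targeted organizations and carrying out cyberespionage. Moreover, many of those systems were running ICS programs used to control critical infrastructure such as oil pipelines and energy grids. No cybersabotage was observed in these attacks, but there is no doubt that the attackers had the capability to carry it out and could have launched an attack at any time. Perhaps they were waiting for the moment to attack and were interrupted before they could act.

Dragonfly also used targeted spam email campaigns and watering hole attacks to get into targeted organizations. The group behind the Turla malware uses a similar multi-stage attack strategy, infecting victims through spear phishing emails and watering hole attacks. The watering hole attacks were extremely narrowly targeted: the attackers compromised a specific range of legitimate websites and delivered malware only to victims visiting from pre-specified IP address ranges. The attackers also reserved their most sophisticated surveillance tools for high-value targets. Turla's motives, however, differ from Dragonfly's. The Turla attackers carry out long-term surveillance of embassies and government agencies, which is very much classic espionage.

Both the Dragonfly and the Turla campaigns bear the hallmarks of state-sponsored operations, displaying a high degree of technical capability and extensive resources. These groups are able to attack through multiple vectors and to compromise numerous third-party websites, and their apparent purpose is cyberespionage. Dragonfly additionally has the capability to carry out sabotage.

These campaigns are just a few examples of the many cyberespionage attacks observed almost daily. The problem is worldwide and shows no sign of abating. Attacks such as those by Sandworm have also exploited a number of zero-day vulnerabilities. Given the advanced technical resources and ample funding involved, these attacks are very likely state sponsored.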

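Credit cards in the crosshairs
Credit and debit cards are a prime target for criminals, who profit by selling stolen card data on the black market. This year saw several large-scale attacks on point-of-sale (POS) systems aimed at stealing consumers' payment card information. One reason the US was the main target is that it has not adopted the "chip and PIN" system known as EMV (Europay, MasterCard, and VISA), which offers stronger security than magnetic stripe cards. The malware used in the attacks can steal the information read from a payment card's magnetic stripe before it is encrypted. That information can then be used to clone the card. Because EMV card transaction information is uniquely encrypted every time, it is difficult for criminals to pick out the useful pieces of payment data and reuse them for another purchase. EMV cards can, however, still be used for fraudulent online purchases.

This year also saw the launch of Apple Pay, which uses near field communication (NFC) technology to turn the iPhone into a "virtual wallet." NFC is a means of communication in which data is transmitted wirelessly from a hardware device to another physical object nearby (in the case of Apple Pay, a store's register).

NFC payment systems are not new, but as more smartphones support the NFC standard, more consumers are expected to use the technology next year. It should be noted that although NFC systems are more secure than magnetic stripes, they can still be exploited by criminals. Criminals would have to target individual cards, however, so large-scale breaches and thefts like those seen in the US this year are unlikely. Still, an NFC payment system does not protect a retailer that fails to store payment card data securely. Stored data must continue to be rigorously protected.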

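Stronger cooperation with law enforcement
Finally, some good news. This year there were many cases in which international law enforcement agencies deepened their cooperation with the online security industry to bring cybercriminals to justice and took a more active and aggressive stance than before.

Blackshades is a well-known and powerful remote access Trojan (RAT) used by a wide range of attackers, from entry-level hackers to sophisticated cybercriminal groups. In May 2014, the FBI, Europol, and several other law enforcement agencies arrested dozens of individuals on suspicion of cybercriminal activity related to Blackshades (also known as W32.Shadesrat). Symantec worked closely with the FBI in this coordinated takedown, providing information to help track down the suspects involved.

Just one month later, the FBI, the UK's National Crime Agency, and several other international law enforcement agencies, working with a number of private-sector partners including Symantec, carried out a major operation against two highly dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. As a result, the FBI seized a large amount of infrastructure used by both threats.

Despite ongoing efforts such as these takedowns, cybercrime will not disappear overnight. Long-term success requires continued cooperation between private partners and law enforcement. As cybercriminal activity grows more sophisticated at an ever faster pace, we hope this collaboration continues so that cybercriminals can be caught and their operations shut down.

Those are the four most important events in online security in 2014. There are still a few weeks left before 2015, so new incidents may of course occur. But whatever the future holds, Symantec promises to protect its customers.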

 


pcAnywhere EOL and Bomgar

Earlier this year, Symantec announced the end-of-life (EOL) for the Symantec pcAnywhere™ product. Today, we are excited to announce we are working with Bomgar as the recommended replacement for pcAnywhere.

Bomgar’s remote support solutions are used by thousands of IT organizations and service desks worldwide to securely access and fix remote computers, systems and mobile devices. Bomgar and Symantec are partnering to provide preferred pricing to current pcAnywhere users who choose to upgrade to Bomgar.

For information on Bomgar’s preferred pricing for pcAnywhere customers, please visit www.bomgar.com/pcanywhere.  

And, please join us for a special webcast on December 4th to learn more about Bomgar.

Register for the webcast!


November 2014: Most Popular Content in the Storage and Clustering Community

Check out what's trending in the community

Here is some of November 2014's most viewed content in the Storage and Clustering community:

  1. Configuring Redis High Availability
  2. VCS Cluster not Starting.
  3. Veritas Disk Group Disabled
  4. How to Check VCS Version and Update
  5. How to find the LUN size with Veritas Commands?
  6. HBA Checking Commands
  7. NEW RELEASE: Introducing Storage Foundation High Availability 6.1
  8. Veritas Operations Manager (VOM) Videos
  9. SFHA Solutions 6.0.1: About the Cluster Manager (Veritas Cluster Server Java Console) and Veritas Operations Manager
  10. SmartIO blueprints, assessment guide and deployment guide

Miss seeing the November Newsletter? Available here.

And here is the list of top Storage and Clustering community Support Technotes for the past quarter. 

Netbackup 7.6.0.4 patch update on Solaris hangs after ./NB_update.install

Issue

The NetBackup 7.6.0.4 patch update on Solaris hangs after ./NB_update.install with no error logged:

After you enter ./NB_update.install, the cursor remains on a blank line with no progress for hours.

Example:

root@xxxx:/usr/openv/source# ./NB_update.install

Environment

    Solaris Sparc

Cause

The NetBackup telemetry process keeps the upgrade process hung:

root 29820 29748   0 15:29:40 pts/8       0:00 /usr/openv/netbackup/bin/nbtelemetry --collector=nb-install --upload --define=e

Solution

Solaris:

Option 1 (which I used):

- Run the patch update:

     root@xxxx:/usr/openv/source# ./NB_update.install

- Now log in to the same server through another PuTTY session and stop the NetBackup server. Also kill the process running nbtelemetry:

root@xxxxx:~# /usr/openv/netbackup/bin/bp.kill_all

Looking for NetBackup processes that need to be terminated.
Stopping nbcssc...
Stopping bpcompatd...

The following processes are still active
    root 29820 29748   0 15:29:40 pts/8       0:00 /usr/openv/netbackup/bin/nbtelemetry --collector=nb-install --upload --define=e
Do you want this script to attempt to kill them? [y,n] (y)

Killing remaining processes...

Looking for Media Manager processes that need to be terminated.
Stopping ltid...
Stopping vmd...
Stopping tldcd...

Looking for more NetBackup processes that need to be terminated.
Stopping mtstrmd...
Stopping bpcd...
Stopping vnetd...

- Once the nbtelemetry process is killed, the patch upgrade prints the information/warning below and proceeds without any issues:

./NB_update.install: line 635: 29820: Terminated

INFO:
NetBackup Product Improvement Program: upload yes, exit status 271.

Checking for required system conditions...

Option 2:

You can set the attribute to YES or NO. The attribute is called TELEMETRY_UPLOAD.

In NetBackup you can set it using bpsetconfig. The attribute is stored in bp.conf for NetBackup on Unix and Linux platforms,

Backup Exec Install Blog (VCRuntimes)

Why we changed from embedding the runtimes in the install to installing them separately.

Backup Exec 2014 has had a warm reception in the field, and it is so good to see the excitement around the product return!  From my point of view, there were only a few customer-facing changes on the install side for this release. One of those changes was a shift in how we install Microsoft Visual C++ Runtimes with the product. This blog will attempt to explain that shift and the reasons behind it.

What is a VC Runtime and why do you care? Well, the Microsoft Visual C++ Runtimes are basically a set of files Microsoft delivers to application vendors, like Symantec, who build Windows applications on top of them. Essentially, runtimes provide the interfaces Backup Exec needs to get work done on a Windows system. They are delivered in two ways:

  1. As a standalone installation package that vendors can install before their application
  2. As a "Merge Module" that gets embedded into a Windows Installer package (MSI)

Backup Exec releases prior to 2014 installed the Microsoft Visual C++ Runtimes as part of the base product installation, meaning they were embedded into the main product installation package ("Symantec Backup Exec for Windows Servers.msi"). So, anytime Microsoft released an update to one of the underlying versions of the runtimes we installed, we also had to consider building and delivering a Backup Exec patch to propagate the associated fix(es). Doing so took time to build, test, and release. If the reason Microsoft released a fix was for a security issue, then our time to build, verify, and deliver our patch only further delayed the propagation of that change to our customers.

In the security world we live in, this was not acceptable and therefore required a new approach. That resulted in a shift from embedding the runtime installers within our installation package to providing them on our DVD installation media and having the Backup Exec 2014 installer execute them silently during installation. This adds a minute or two to our installation time; however, it greatly decreases the time required to patch them because Microsoft recognizes the standalone Visual C++ Runtime installers in "Windows Live Update," and it will accordingly install any Microsoft-provided patches for them.

I have seen a couple of cases in the forums in which customers copy the RAWS32 or RAWSx64 directories from a media server to their desktop and then try to install the agent locally. Doing so will typically fail because the install is now looking for the runtimes to be present in a relative directory. What that means is that on the DVD, this runtime install folder (VCRedist) is present at the same directory level as the RAWS32/RAWSx64 directory. When our install executes, it tries to execute the standalone installers to ensure that any upgrades required by the runtime installers are completed before Backup Exec installs. This is because the Backup Exec installer now depends on them to be present in that relative directory, and they have to be updated before we install the product and/or any updates. If it cannot find the VCRedist folder, the install will fail with an error. Verify you are not running into this error if you do get a failure.

I hope this helps, and we welcome your feedback,
Nick

Introducing Symantec Mobility: Suite 5.1

Symantec is pleased to announce that Mobility Suite 5.1 will be generally available today, December 1, 2014!  Mobility Suite 5.1 continues Symantec’s improvements featured in the Mobility Suite 5.0 release with improvements across MDM, Secure Email, and Threat Protection.  Mobility Suite 5.1 will be available as both SaaS (December 4th) and On-Premise versions.

Symantec Mobility: Suite makes mobility manageable and secure, integrating mobile device management (MDM), mobile application management (MAM), and threat protection into one centrally controlled console.  Mobility Suite 5.1 delivers enhancements for both administrators and end-users. 

Feature Highlights

Improved MDM

  • Expanded certificate support with Microsoft Certificate Authority for iOS
    • Integration with Microsoft CA for certificate delivery
    • EAS, VPN, and Wi-Fi certificates for iOS
  • Enhancements to Windows Phone 8.1 MDM
    • Added restrictions for devices
    • MDM compliance assessment to verify and re-apply MDM policies

 

Secure Email with consumer class usability (coming in 5.1.1)

  • Push email capability
  • User interface redesign

Improved protection against malware and risky apps

  • New Mobility Threat Protection policies:
    • Configure scan frequency
    • Web protection
    • SD card scanning settings
  • Requires new Norton Mobile Security app (targeted release for the 2nd week of December)

 

Enhanced end user experience

  • Release of iPad enterprise Work Hub
  • Updated UI and improvements for both iOS and Android Work Hub app

Anytime, Anywhere management

  • New Admin Hub mobile app lets admins manage via mobile devices
    • Ability to complete urgent and frequent tasks
    • Access actionable information on the go

Technical Support

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions: www.symantec.com/business/support/. You can also visit our website for more information.

Don't forget to follow us for more information!

Twitter: @SYMCmobility

Beginning Your Vista Migration

This is the first in a series of Vista Migration podcasts sponsored by Altiris. In this episode, Microsoft MVPs Danielle Ruest and Nelson Ruest lay the foundation of a successful migration starting with step 1 of their 10-step migration program: To migrate, or not to migrate?

Listen online or copy the MP3 file to your favorite player to make that time on the treadmill (or the turnpike) educational.

Click here to start listening. (Right-click to download the podcast to your computer).
